Hackers and Bad Actors Turn Your Typos Into Weapons
It’s hard to track down the many ways malware can infect your devices, but a “typo” is one of the most insidious. As the name suggests, hackers create websites, download links, and other legitimate-looking but malicious URLs that contain small misspellings that are easy to miss.
It’s a simple idea, but a typo is surprisingly effective. According to a recently published study by Cyble and BleepingComputer , there are hundreds of misspelled URLs that use common misspellings such as “Tlk Tok”, “Google Payce” or “PaltPal” and infect Android and Windows devices with malware. And that’s just these specific typo campaigns – there can be many more malicious typo links masquerading as legitimate sites, so it’s important to know how these attacks work and how to avoid them.
How does a typo work?
There are several ways that tiposquatting can play out. For example, hackers can create convincing login screens for popular apps and websites like TikTok or Twitter. Users will “log in” to a fake site thinking they are going to the real one (in some cases, the fake pages are sophisticated enough that after logging in they redirect to the real site), when in fact they are handing over their login. credentials and open the door for malware attack.
Similarly, hackers can also download malicious versions of popular apps, Github repositories, or other frequently downloaded files through URLs that are nearly identical to legitimate download links. Sometimes they may even use cloned versions of files to make them look safe but secretly contain malware.
The typo campaigns detected by Cyble and BleepingComputer use dangerous malware such as Vidar Stealer that can steal banking information, login credentials, and other sensitive personal data; Agent Tesla, which can receive information from web browsers, VPNs and other applications; and even programs to steal cryptocurrencies. Other typo attacks may use other forms of malware.
Whatever is hidden in these misspelled URLs, the trick is to get people to open fake links instead of the real ones. A common technique is the use of typos in phishing and smishing campaigns . Attackers send out emails or text messages purporting to be from official sources, and unsuspecting users click on the link. In other cases, users simply mistype a URL or search term and end up on a malware-infected web page or download a dangerous file.
How you can avoid typo attacks
The best way to deal with typos is for legitimate companies to buy misspelled URLs so that threat agents can’t use them against their users. However, there are ways the average person can avoid these attacks if they know what to look out for.
As we often talk about phishing attacks , the simplest solution is to never click on links or download files from unknown email addresses, phone numbers, or websites. Enabling text and email spam filters can also prevent phishing attempts from reaching your inbox. It is possible that some bad links will still slip through, so check out the tell-tale signs of phishing emails .
- turned off
However, you can also stumble upon typos in links if you type the URL or search term yourself, so make sure you double check websites and download links to make sure they are correct . Bookmark the websites you visit most often, especially the login pages. Thus, you will always know that you are on the real one.
Similarly, make sure you are looking for the correct download links on sites like Github. Double-check your spelling again and make sure you’re referring to the actual download source.
Another simple check is to make sure the URL includes HTTPS, which is more secure than HTTP. Some browsers include a “Force HTTPS” option and often won’t even connect to websites that don’t use HTTPS without prior warning.
Finally, effective anti-malware software can also act as a last line of defense against accidentally downloaded infected files. Just don’t rely on it as your only defense against malware – you also need to avoid threats in advance.
[ TechRadar ]